Merge "Fix policy default_rule issue"

author: Jenkins <jenkins@review.openstack.org> 2013-07-30 14:21:27 +0000
committer: Gerrit Code Review <review@openstack.org> 2013-07-30 14:21:27 +0000
commit: f58c936582a17cffcdcdb5bf624f24d574abaf0a (patch)
tree: 79d1b7c24678ce19c4da4240a840c29fbf3576eb /openstack
parent: df53b596491563aa1681d4ad21fd1ade1108d2e3 (diff)
parent: 3626b6db91ce1e897d1993fb4e13ac4237d04b7f (diff)
download: oslo-f58c936582a17cffcdcdb5bf624f24d574abaf0a.tar.gz
oslo-f58c936582a17cffcdcdb5bf624f24d574abaf0a.tar.xz
oslo-f58c936582a17cffcdcdb5bf624f24d574abaf0a.zip
1 files changed, 12 insertions, 6 deletions
diff --git a/openstack/common/policy.py b/openstack/common/policy.py
index 00531e5..02335ca 100644
--- a/openstack/common/policy.py
+++ b/openstack/common/policy.py
@@ -115,12 +115,18 @@ class Rules(dict):
     def __missing__(self, key):
         """Implements the default rule handling."""
 
+        if isinstance(self.default_rule, dict):
+            raise KeyError(key)
+
         # If the default rule isn't actually defined, do something
         # reasonably intelligent
         if not self.default_rule or self.default_rule not in self:
             raise KeyError(key)
 
-        return self[self.default_rule]
+        if isinstance(self.default_rule, BaseCheck):
+            return self.default_rule
+        elif isinstance(self.default_rule, six.string_types):
+            return self[self.default_rule]
 
     def __str__(self):
         """Dumps a string representation of the rules."""
@@ -153,7 +159,7 @@ class Enforcer(object):
     """
 
     def __init__(self, policy_file=None, rules=None, default_rule=None):
-        self.rules = Rules(rules)
+        self.rules = Rules(rules, default_rule)
         self.default_rule = default_rule or CONF.policy_default_rule
 
         self.policy_path = None
@@ -172,13 +178,14 @@ class Enforcer(object):
                             "got %s instead") % type(rules))
 
         if overwrite:
-            self.rules = Rules(rules)
+            self.rules = Rules(rules, self.default_rule)
         else:
-            self.update(rules)
+            self.rules.update(rules)
 
     def clear(self):
         """Clears Enforcer rules, policy's cache and policy's path."""
         self.set_rules({})
+        self.default_rule = None
         self.policy_path = None
 
     def load_rules(self, force_reload=False):
@@ -194,8 +201,7 @@ class Enforcer(object):
 
         reloaded, data = fileutils.read_cached_file(self.policy_path,
                                                     force_reload=force_reload)
-
-        if reloaded:
+        if reloaded or not self.rules:
             rules = Rules.load_json(data, self.default_rule)
             self.set_rules(rules)
             LOG.debug(_("Rules successfully reloaded"))
author	Jenkins <jenkins@review.openstack.org>	2013-07-30 14:21:27 +0000
committer	Gerrit Code Review <review@openstack.org>	2013-07-30 14:21:27 +0000
commit	f58c936582a17cffcdcdb5bf624f24d574abaf0a (patch)
tree	79d1b7c24678ce19c4da4240a840c29fbf3576eb /openstack
parent	df53b596491563aa1681d4ad21fd1ade1108d2e3 (diff)
parent	3626b6db91ce1e897d1993fb4e13ac4237d04b7f (diff)
download	oslo-f58c936582a17cffcdcdb5bf624f24d574abaf0a.tar.gz oslo-f58c936582a17cffcdcdb5bf624f24d574abaf0a.tar.xz oslo-f58c936582a17cffcdcdb5bf624f24d574abaf0a.zip